rspec/rules/S6361/xml/rule.adoc

``++android:permission++`` is used to set a single permission for both reading and writing data from a content provider.
In regard to the Principle of Least Privilege, client applications that consume the content provider should only have the necessary privileges to complete their tasks. As ``++android:permission++`` grants both read and write access, it prevents client applications from applying this principle.
In practice, it means client applications that require read-only access will have to ask for more privileges than what they need: the content provider will always grant read and write together.


== Ask Yourself Whether

* Some client applications consuming the content provider may only require read permission.

There is a risk if you answered yes to this question.


== Recommended Secure Coding Practices

* Avoid using ``++android:permission++`` attribute alone. Instead ``++android:readPermission++`` and ``++android:writePermission++`` attributes to define separate read and write permissions.
* Avoid using the same permission for ``++android:readPermission++`` and ``++android:writePermission++`` attributes.


== Sensitive Code Example

[source,xml]
----
<provider 
  android:authorities="com.example.app.Provider"
  android:name="com.example.app.Provider"
  android:permission="com.example.app.PERMISSION"  <!-- Sensitive -->
  android:exported="true"/>
----

[source,xml]
----
<provider
  android:authorities="com.example.app.Provider"
  android:name="com.example.app.Provider"
  android:readPermission="com.example.app.PERMISSION"  <!-- Sensitive -->
  android:writePermission="com.example.app.PERMISSION" <!-- Sensitive -->
  android:exported="true"/>
----

== Compliant Solution

[source,xml]
----
<provider 
  android:authorities="com.example.app.MyProvider"
  android:name="com.example.app.MyProvider"
  android:readPermission="com.example.app.READ_PERMISSION"
  android:writePermission="com.example.app.WRITE_PERMISSION"
  android:exported="true"/>
----


== See

* https://developer.android.com/guide/topics/providers/content-provider-creating#Permissions[developer.android.com] - Implementing content provider permissions
* OWASP - https://mobile-security.gitbook.io/masvs/security-requirements/0x11-v6-interaction_with_the_environment[Mobile AppSec Verification Standard - Platform Interaction Requirements]
* OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m1-improper-platform-usage[Mobile Top 10 2016 Category M1 - Improper platform usage]
* OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m6-insecure-authorization[Mobile Top 10 2016 Category M6 - Insecure Authorization]
* CWE - https://cwe.mitre.org/data/definitions/1220[CWE-1220 - Insufficient Granularity of Access Control]


ifdef::env-github,rspecator-view[]
== Implementation Specification
(visible only on this page)

== Message

Make sure using a single permission for read and write is safe here.


== Highlighting

* The ``++android:permission++`` attribute and its associated value.
* The whole ``++<content>++`` opening tag

endif::env-github,rspecator-view[]
Inline adoc when include has no additional value (#1940) Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in. 2023-05-25 14:18:12 +02:00			``++android:permission++`` is used to set a single permission for both reading and writing data from a content provider.
			In regard to the Principle of Least Privilege, client applications that consume the content provider should only have the necessary privileges to complete their tasks. As ``++android:permission++`` grants both read and write access, it prevents client applications from applying this principle.
			`In practice, it means client applications that require read-only access will have to ask for more privileges than what they need: the content provider will always grant read and write together.`
Create rule S6361: Defining a single permission for read and write access of Content Providers is security-sensitive (#427) 2021-10-13 13:40:11 +00:00

Inline adoc when include has no additional value (#1940) Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in. 2023-05-25 14:18:12 +02:00			`== Ask Yourself Whether`

			`* Some client applications consuming the content provider may only require read permission.`

			`There is a risk if you answered yes to this question.`


			`== Recommended Secure Coding Practices`

			* Avoid using ``++android:permission++`` attribute alone. Instead ``++android:readPermission++`` and ``++android:writePermission++`` attributes to define separate read and write permissions.
			* Avoid using the same permission for ``++android:readPermission++`` and ``++android:writePermission++`` attributes.

Create rule S6361: Defining a single permission for read and write access of Content Providers is security-sensitive (#427) 2021-10-13 13:40:11 +00:00
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`== Sensitive Code Example`
Modify multiple rules: Clean up texts of MMF-2503 (#1497) 2023-01-09 15:29:41 +01:00
RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,xml]`
Create rule S6361: Defining a single permission for read and write access of Content Providers is security-sensitive (#427) 2021-10-13 13:40:11 +00:00			`----`
			`<provider`
			`android:authorities="com.example.app.Provider"`
			`android:name="com.example.app.Provider"`
Modify multiple rules: Clean up texts of MMF-2503 (#1497) 2023-01-09 15:29:41 +01:00			`android:permission="com.example.app.PERMISSION" <!-- Sensitive -->`
Create rule S6361: Defining a single permission for read and write access of Content Providers is security-sensitive (#427) 2021-10-13 13:40:11 +00:00			`android:exported="true"/>`
			`----`
Modify multiple rules: Clean up texts of MMF-2503 (#1497) 2023-01-09 15:29:41 +01:00
RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,xml]`
Create rule S6361: Defining a single permission for read and write access of Content Providers is security-sensitive (#427) 2021-10-13 13:40:11 +00:00			`----`
Modify multiple rules: Clean up texts of MMF-2503 (#1497) 2023-01-09 15:29:41 +01:00			`<provider`
Create rule S6361: Defining a single permission for read and write access of Content Providers is security-sensitive (#427) 2021-10-13 13:40:11 +00:00			`android:authorities="com.example.app.Provider"`
			`android:name="com.example.app.Provider"`
Modify multiple rules: Clean up texts of MMF-2503 (#1497) 2023-01-09 15:29:41 +01:00			`android:readPermission="com.example.app.PERMISSION" <!-- Sensitive -->`
			`android:writePermission="com.example.app.PERMISSION" <!-- Sensitive -->`
Create rule S6361: Defining a single permission for read and write access of Content Providers is security-sensitive (#427) 2021-10-13 13:40:11 +00:00			`android:exported="true"/>`
			`----`

			`== Compliant Solution`
Modify multiple rules: Clean up texts of MMF-2503 (#1497) 2023-01-09 15:29:41 +01:00
RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,xml]`
Create rule S6361: Defining a single permission for read and write access of Content Providers is security-sensitive (#427) 2021-10-13 13:40:11 +00:00			`----`
			`<provider`
			`android:authorities="com.example.app.MyProvider"`
			`android:name="com.example.app.MyProvider"`
			`android:readPermission="com.example.app.READ_PERMISSION"`
			`android:writePermission="com.example.app.WRITE_PERMISSION"`
			`android:exported="true"/>`
			`----`


Inline adoc when include has no additional value (#1940) Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in. 2023-05-25 14:18:12 +02:00			`== See`

			`* https://developer.android.com/guide/topics/providers/content-provider-creating#Permissions[developer.android.com] - Implementing content provider permissions`
Modify CWE and OWASP Top 10 links to follow standard link format (APPSEC-1134) (#3529) * Fix all CWE references * Fix all OWASP references * Fix missing CWE prefixes 2024-01-15 17:15:56 +01:00			`* OWASP - https://mobile-security.gitbook.io/masvs/security-requirements/0x11-v6-interaction_with_the_environment[Mobile AppSec Verification Standard - Platform Interaction Requirements]`
			`* OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m1-improper-platform-usage[Mobile Top 10 2016 Category M1 - Improper platform usage]`
			`* OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m6-insecure-authorization[Mobile Top 10 2016 Category M6 - Insecure Authorization]`
			`* CWE - https://cwe.mitre.org/data/definitions/1220[CWE-1220 - Insufficient Granularity of Access Control]`
Inline adoc when include has no additional value (#1940) Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in. 2023-05-25 14:18:12 +02:00
Create rule S6361: Defining a single permission for read and write access of Content Providers is security-sensitive (#427) 2021-10-13 13:40:11 +00:00
			`ifdef::env-github,rspecator-view[]`
			`== Implementation Specification`
			`(visible only on this page)`

Inline adoc when include has no additional value (#1940) Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in. 2023-05-25 14:18:12 +02:00			`== Message`

			`Make sure using a single permission for read and write is safe here.`


			`== Highlighting`

			* The ``++android:permission++`` attribute and its associated value.
			* The whole ``++<content>++`` opening tag
Create rule S6361: Defining a single permission for read and write access of Content Providers is security-sensitive (#427) 2021-10-13 13:40:11 +00:00
Modify multiple rules: Clean up texts of MMF-2503 (#1497) 2023-01-09 15:29:41 +01:00			`endif::env-github,rspecator-view[]`